Facial recognition technology is no longer a thing of Hollywood movies. It’s on your mobile phone, advertising billboards, Facebook, and a myriad other websites, so it was finally time for the U.S. Federal Trade Commission to publish new guidelines that recommend “best practices” for the technology.

The ultimate concern of facial recognition technology is privacy; not everyone who sees a billboard will want to be recognized, nor are they expecting to. If a security breach should occur, collected data can also make virtually anyone who happens to come across a facially-recognizable ad vulnerable. For this reason, the FTC advises ads to make a bold, clear statement when facial recognition tech is being used so those who do not want to participate can avoid the screen. Other guidelines are also pretty blatant and common sense, such as avoiding the use of such tech in “sensitive areas, such as bathrooms, locker rooms, health care facilities, or places where children congregate.”

“In another example cited in the report, FTC staff recommends that social networks using facial recognition features should provide consumers with clear notice about how the feature works, what data it collects, and how that data will be used,” the FTC release states. “They also should provide consumers with an easy to use choice not to have their biometric data collected and used for facial recognition, and the ability to turn the feature off at any time and have the biometric data previously collected from their photos permanently deleted.”

So for example, online clothing stores that let you virtually try on outfits, hats, or glasses should delete any information the user uploads onto the site once he or she have deleted their account. In the case for social networks, the FTC recommends that companies be wary of showing pictures of people to accounts they aren’t “friends” with — which could be tricky considering one of Facebook’s password recovery methods allows you to see a list of friends and their profile photos to help you get your account back. I was able to do this to a random friend’s account and see his full list of friends even without providing his personal email address. This is a step up from previous Facebook password recovery methods, however, considering the last time I changed my password, Facebook showed me a slew of photos of my tagged friends and asked me to identify who they were. Surely, I would not want my photos shown to strangers who were trying to hack into my friends’ accounts.

But then again, the above statements are general FTC guidelines and no legal standing just yet, so it’s unclear how exactly the FTC plans to ensure companies and users are abiding by these recommendations. The guideline officially takes place as of this week, so expect some policy change emails flooding your inbox in the near future.